Memory safety and security fixes

Reduce the use of unsafe swift constructs in favour of ones that
are memory safe. In the HTTP client remove the use of the unsafe
mutable pointer in favour of direct Data conversion before writing
the downloaded file to disk.

Upgrade the version of libarchive to 3.7.4, which includes some
security fixes that could have an impact on swiftly.

Construct Swiftly's own HTTPClient with the default decompression
configuration since the shared one exhibits a decompression limit
error with the GitHub API's.

Author: cmcgee1024

Sources/SwiftlyCore/HTTPClient.swift

@@ -166,9 +166,7 @@ public struct SwiftlyHTTPClient {
         for try await buffer in response.body {
             receivedBytes += buffer.readableBytes
 
-            try buffer.withUnsafeReadableBytes { bufferPtr in
-                try fileHandle.write(contentsOf: bufferPtr)
-            }
+            try fileHandle.write(contentsOf: buffer.readableBytesView)
 
             let now = Date()
             if let reportProgress, lastUpdate.distance(to: now) > 0.25 || receivedBytes == expectedBytes {
@@ -185,5 +183,5 @@ public struct SwiftlyHTTPClient {
 }
 
 private class HTTPClientWrapper {
-    fileprivate let inner = HTTPClient.shared
+    fileprivate let inner = HTTPClient(eventLoopGroupProvider: .singleton)
 }

scripts/install-libarchive.sh

@@ -3,7 +3,7 @@
 set -o errexit
 
 # TODO detect platform
-LIBARCHIVE_VERSION=3.6.1
+LIBARCHIVE_VERSION=3.7.4
 
 mkdir /tmp/archive-build
 pushd /tmp/archive-build